Blocking By Country

There are times when you’ll want to limit access and block whole countries. Why? Because there are times when it’s necessary.

Here’s a script that builds a script.

It downloads the IP ranges from www.ipdeny.com, then works through a list of two-letter country codes to create a bash script that will:

Delete an existing iptables chain.
Create a new chain “BadCountry”.
Add a rule at the top of the INPUT chain that passes anything on port 80 to the BadCountry chain.
Add all the IP blocks in the relevant countries to the BadCountry chain with a reject/unreachable.

Feel free to adapt it to your needs.

(Oh, and you can also call the script with the parameter undo and it’ll delete the chain.)
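
An added example, not the author's script: a generator that follows the steps listed above, including the undo parameter. The function names, the zone-file path in ZONE_URL and the sample ranges are assumptions; each downloaded line must match an IPv4 CIDR pattern before it is written into a command that will run as root.

```shell
#!/bin/sh
# Added example. CHAIN and port 80 come from the post; function names and
# the zone-file path under ZONE_URL are assumptions.
CHAIN="BadCountry"
ZONE_URL="https://www.ipdeny.com/ipblocks/data/countries"   # assumed layout

# Download one zone file per two-letter country code into DIR.
fetch_zones() {   # usage: fetch_zones DIR cc [cc...]
    local dir cc; dir="$1"; shift
    for cc in "$@"; do
        curl -fsS -o "$dir/$cc.zone" "$ZONE_URL/$cc.zone" || return 1
    done
}

# Emit the generated rule script on stdout from the zone files in DIR.
build_script() {  # usage: build_script DIR cc [cc...]
    local dir cc cidr; dir="$1"; shift
    echo '#!/bin/bash'
    # Unhook from INPUT first: a chain that is still referenced cannot be deleted.
    echo "iptables -D INPUT -p tcp --dport 80 -j $CHAIN 2>/dev/null"
    echo "iptables -F $CHAIN 2>/dev/null"
    echo "iptables -X $CHAIN 2>/dev/null"
    echo '[ "$1" = "undo" ] && exit 0'
    echo "iptables -N $CHAIN"
    echo "iptables -I INPUT 1 -p tcp --dport 80 -j $CHAIN"
    for cc in "$@"; do
        [ -r "$dir/$cc.zone" ] || { echo "missing $cc.zone" >&2; return 1; }
        # Only whole-line IPv4 CIDRs become commands; anything else is dropped,
        # so a tampered download cannot inject shell into a script run as root.
        grep -Ex '([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}' "$dir/$cc.zone" |
        while read -r cidr; do
            echo "iptables -A $CHAIN -s $cidr -j REJECT --reject-with icmp-port-unreachable"
        done
    done
}

# Constructed sample input (documentation ranges, made-up code "xx"), offline.
demo() {
    local d; d=$(mktemp -d)
    printf '192.0.2.0/24\n198.51.100.0/24; reboot\n203.0.113.0/24\n' > "$d/xx.zone"
    build_script "$d" xx
    rm -rf "$d"
}
```

Calling demo prints the generated script for the constructed input; with real data, run fetch_zones into a directory, redirect build_script's output to a file and review it before running it as root.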